cisco 2621XM Router -Internet Access Problem!

[mhchin]

I am new to CISCO Routers and having problems configuring Internet Access using a 2 MB leased line for internal LAN users.
I can ping my Serial IP and default Gateway and LAN IP, all assigned by my Leased Line provider.
I can't ping my ISP DNS Server, using tracert from workstation to my ISP DNS server (202.188.0.133) shows only 2 Hops to
192.168.42.252 (Fastethernet 0/0 Internal IP Add)
219.93.x.x (default Gateway)

Can someone point out what I am doing wrong/ not doing?
Thanks a lot!

----------------------------------------------------
My Router Current configuration : 1076 bytes
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname ics_cisco
!
enable password xxxxxx
!
ip subnet-zero
!
ip name-server 202.188.0.133
ip name-server 202.188.1.5

!
interface FastEthernet0/0
ip address 219.93.x.x 255.255.255.224 secondary
ip address 192.168.42.252 255.255.255.0
ip nat inside
duplex auto
speed auto
!
interface Serial0/0
ip address 219.94.x.x 255.255.255.252
ip nat outside
!
interface BRI0/0
no ip address
shutdown
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip default-gateway 219.94.x.2
ip nat pool testpool 219.94.x.1 219.94.x.1 netmask 255.255.255.252
ip nat inside source list 1 pool testpool overload
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0/0
ip http server
ip pim bidir-enable
!
!
access-list 1 permit 192.168.42.0 0.0.0.255

 

[baddos]

Try

no ip route 0.0.0.0 0.0.0.0 Serial0/0
ip route 0.0.0.0 0.0.0.0 219.94.x.2

Also, I don't see any configuration on your serial0/0 port except the IP. Are you sure you can ping the 219.94.x.2 from the router?

 

[mhchin]

Thanks baddos for responding.

Have try changing the route to direct traffic through the default gateway, 219.94.x.2 but still cannot ping my ISP DNS Server.

These are the pings result:-

cs_cisco#ping 219.94.x.1
Sending 5, 100-byte ICMP Echos to 219.94.x.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 8/8/12 ms

ics_cisco#ping 219.94.x.2
Sending 5, 100-byte ICMP Echos to 219.94.x.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/8 ms

! ping to ISP DNS Server
ics_cisco#ping 202.188.0.133
Sending 5, 100-byte ICMP Echos to 202.188.0.133, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Below are the serial interface details:-
Serial0/0 is up, line protocol is up
Hardware is PowerQUICC Serial
Internet address is 219.94.x.1/30
MTU 1500 bytes, BW 1544 Kbit, DLY 20000 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation HDLC, loopback not set
Keepalive set (10 sec)
Last input 00:00:09, output 00:00:04, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: weighted fair
Output queue: 0/1000/64/0 (size/max total/threshold/drops)
Conversations 0/1/256 (active/max active/max total)
Reserved Conversations 0/0 (allocated/max allocated)
Available Bandwidth 1158 kilobits/sec
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
308 packets input, 23659 bytes, 0 no buffer
Received 257 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
459 packets output, 44646 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
0 carrier transitions
DCD=up DSR=up DTR=up RTS=up CTS=up

What commands can be use to pinpoint the problem?

I noticed that the range of Public address assigned for my LAN is of a different subnet from my serial and default gateway subnet. 219.93.x.x/27 and 219.94.x.x/30. Is this a normal practice?

Thanks.

 

[peco0904]

Firstly, you may not be able to ping the isp dns server anyway. if it is behind a firewall icmp packets (ping , traceroute, etc )are usually blocked. The firewall will only usually allow dns requests and replys. so doing nslookup from your LAN may be a better test.

secondly the serial interface ip address may not be routed from the DNS server whereas the LAN address range will be.

It seems you can ping the x.2 address at the other end of the serial connection.

try pinging this from your LAN

if you cannot, try doing a show ip nat trans command to see if the nat translation is working

 

[mhchin]

Thanks peco0904 for responding.

Our ISP DNS Server has always been reacheable. ICMP packets are not blocked.

From LAN, I can ping my Serial IP and Default Gateway, of course through FastEthernet 0/0 IP 192.168.42.252.

show ip nat trans does not return anything, blank line.

I am using dynamic NAT overloading my Serial IP.

Thanks.

 

[baddos]

Do a trace route to it. That will show you were the icmp traffic stops.

 

[mhchin]

Problem cleared. I can ping my ISP & other hosts on the Internet. LAN Terminals can browse the internet.

I removed all Access list for incoming traffic to start afresh. I need to find good references for ACLs.

Thanks to Baddos & peco0904 for lending a hand. Appreciate your time & effort. Have a good Day!